Rootkits Detected

Hello, just wondering if anyone can assist with a rootkit problem. AVG found 5 rootkits hidden in the registry of my laptop, but can't fix this. Rootkits are bad things, so would like to get rid of them, of course.

The laptop is several years old: a Toshiba Satellite with a 1.86 GHz Intel processor, 130 GB HD, and 1.5 GB RAM. It was working fine until 2 days ago, when it got slow and started freezing up. Today it blue-screened me!

I ran AVG, Malwarebytes and SuperAntiSpyware and found 5 Trojans, 4 Backdoor Bots, and these 5 rootkits. The other things were fixed, but AVG was the only one that found the rootkits, and it says it can't fix them. I also tried TDSSKiller, and that didn't find the rootkits. This laptop is used only by me, it never visits questionable websites, and I can't imagine how this happened.

Thank you so much! By the way, the names of the rootkits that AVG detected are all REGHOOK.SYS in different places in the registry, and there are five of them:

Service Function: NtSetValueKeyHook -> REGHOOK.SYS
Service Function: NtQueryValueKeyHook -> REGHOOK.SYS
Service Function: NtEnumerateValueKeyHook -> REGHOOK.SYS
Service Function: NtDeleteValueKeyHook -> REGHOOK.SYS
Service Function: NtCreateValueKeyHook -> REGHOOK.SYS

I'm including the results of the first two scans, but I needed to ask about the third: when I downloaded it, it was preset to remove any threats found and to skip scanning archives. Is that the way you want me to leave it set for the scan? I wasn't sure, since the first two didn't seem to actually fix anything, just generate a report. Please advise.

Here are the first two logs you requested, and thanks so much, again, for your help:

Wow. That took a while! Sorry it took so long. I'm in US Central time, so gonna turn in for the night. Will check back as soon as I get the chance tomorrow. Thank you for your time; I know it's going to take a while to get through all this. This is everything but ESET. Here are the logs:

Error: (10/04/2012 08:19:45 PM) (Source: Application Error) (User: )
Description: Fault bucket -1106308771.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (10/05/2012 03:19:01 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0012F0928931. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.